Radio frequency patch antenna and system for permitting secure access to a restricted area

ABSTRACT

A wireless device access system employs short-range wireless communication to require the proximity of a user device to a restricted area prior to communicating an unlock request. The access system authenticates the unlock request and the proximity of the user to the restricted area prior to transmitting an unlock command to an access governor. Additionally, the access system uses an access node configured to shape the radiation pattern of short-range wireless communications to better determine the position of a user proximate to an access governor.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation-in-part of U.S. patentapplication Ser. No. 15/007,797 filed on Jan. 27, 2016, which is acontinuation-in-part of U.S. patent application Ser. No. 14/740,649filed on Jun. 16, 2015, which is a continuation-in-part of U.S. patentapplication Ser. No. 14/307,667 filed Jun. 18, 2014, which is acontinuation of U.S. patent application Ser. No. 12/536,103 filed Aug.5, 2009, which is a continuation-in-part of U.S. patent application Ser.No. 12/368,601 filed Feb. 10, 2009, all of which are entitled “A Systemand Method for Accessing a Structure Using a Mobile Device” and all arehereby incorporated by reference to the extent not inconsistent.

FIELD OF THE INVENTION

The present invention generally relates to an access system including awireless user device and a proximity verification device. Moreparticularly, the present invention pertains to a radio frequency patchantenna design and radiation pattern shaping to be used for receiving arequest for access from a user's mobile phone and confirms its usingperiodically changing access codes.

BACKGROUND

In the United States alone there are more than 4.5 million hotel roomsavailable to travelers. Currently, these hotel rooms have anindustry-wide occupancy rate of just over 60%, with the occupancy ratesof various geographic areas and individual hotels varying wildly. Thisoccupancy rate often drastically affects the bottom line of a hotel orhotel chain. To increase their occupancy rate, and thus theirprofitability, hotels make every attempt to please their guests in orderto encourage them to return. In order to please their guests, and lurenew ones, hotels have continuously added amenities, such as on-sitespas, restaurants, fitness centers, and in-room coffee machines ormini-bars.

In addition to these additional amenities, hotels have adopted a varietyof different check-in procedures to minimize the time required for aguest to check-in. These procedures include adopting electronic keycards as opposed to mechanical keys, which enhances guest security andallows the hotel to change to a new room key, alleviating the need forthe guest to return the keys to the front desk at check-out. However,even these procedures still present a distracting delay to a hotel'smost valuable customers, business travelers. To increase loyalty amongstthese frequent travelers, among others, most major hotel chains haveinvested tremendous assets in developing rewards programs, such as theHilton HHonors® Program. The goal of these programs is to allow hotelchains to better understand the needs of travelers and make their stayas streamlined as possible. For instance, some hotels provide expresscheck-in for a select set of their guests, while others providecheck-in/check-out over the Internet or via a computer kiosk located inthe hotel lobby. While these advances have certainly increased theoccupancy rates of the various major hotel chains, they have not yetsolved the problem of fully automating the guest check-in/check-outprocess, thereby allowing a guest to arrive at their hotel and entertheir room without any additional time-consuming steps.

Similarly, these issues can be found in a number of situations thatrequire secured access into a building, facility, or designated area,such as for example airline gates, concert or other event gates, andpublic transportation gates. These structures can use wireless accesspoints that can communicate with a user device having the requiredauthentication to allow a user to enter the structure. These accesspoints can use directional patch antennas that have associated backlobes that emit the signal in the opposite direction. When two patchantennas are placed proximate to one another, such as in a back-to-backorientation and face opposite directions, the near field signalstrengths do not reliably indicate or differentiate between the twoantennas due to the back lobes. For applications that requiredetermining when user is inside or outside of a structure, thisdifferentiation critical. Current methods of reducing back loberadiation of patch antennas creates a highly focused directionalantenna, meaning that the main lobe bandwidth is also reduced while thegain directly in front of the antenna increases.

This disclosure is applicable in all areas where customers are waitingin a queue for entrance or access to a structure, vehicle, venue, or anyother type of restricted area. Additionally, this disclosure isapplicable to various radio communications and short-range wirelesscommunications that can be used for communicating between a device andan access point. There is a need to better shape the radiation emittedand limit back lobe radiation to better differentiate the location of auser.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a diagrammatic view of an access system according to oneimplementation of the present invention.

FIG. 1B is a diagrammatic view of an access system according to oneimplementation of the present invention.

FIG. 1C is a diagrammatic view of an access system according to oneimplementation of the present invention.

FIG. 2 is a process flow diagram illustrating one set of steps performedin enabling a user to access a structure using a wireless device and thenovel access system.

FIG. 3 is a process flow diagram illustrating one set of steps performedin providing access to structure to a user using a wireless device andthe novel access system.

FIG. 4 is a diagrammatic view of a token suitable for use in oneembodiment of the present invention.

FIG. 5 is a process flow diagram illustrating an alternate set of stepsperformed in providing access to structure to a user using a wirelessdevice and the novel access system.

FIG. 6A is a perspective view of an exemplary embodiment of a radiofrequency patch antenna enclosure.

FIG. 6B is a perspective view of an exemplary embodiment of a radiofrequency patch antenna enclosure.

FIG. 7A is a perspective view of an exemplary embodiment of an accessnode in an application having a door.

FIG. 7B is a perspective view of an exemplary embodiment of an accessnode in an application having a door.

DETAILED DESCRIPTION OF THE INVENTION

For the purposes of promoting and understanding of the principles of theinvention, reference will now be made to the embodiment illustrated inthe drawings and specific language will be used to describe the same. Itwill nevertheless be understood that no limitation of the scope of theinvention is thereby intended. Any alterations and further modificationsin the described embodiments, and any further applications of theprinciples of the invention as described herein are contemplated aswould normally occur to one skilled in the art to which the inventionrelates.

Currently, systems exist, such as the Signature RFID/NFC system fromVingCard, which provide a user access to a hotel room using their mobilephone. However, such systems all require a specialized transceiverwithin the door of the hotel room and the user's mobile phone such thatthe two may communicate using a short-range wireless technology. Only aslight fraction of existing mobile phones are currently capable of beingused with such systems, and it may be quite some time before suchtechnology is common, if ever. Furthermore, many point-to-point priorart systems are unable to communicate directly with the door locks oncedeployed. The only way updating may be accomplished is through a user'sdevice, which is not an inherently trusted source.

Other technologies exist for remotely allowing a user to monitor andcontrol the open or closed state of an entryway, such as a garage door,using a cell phone connected to a controller over the Internet. However,these technologies do not provide sufficient security as they aredesigned for purposes other than secure access control. For example,these systems allow a user to send a command to open a door from anylocation where they have Internet access. However, their unlimitedavailability also introduces several significant vulnerabilities tounauthorized access. As such, many problems exist in the prior art whichare solved by the secure access system of the present invention.

As shown in FIG. 1A, one embodiment of an access system 20advantageously permits a user to access a structure 40 using a wirelessdevice 24. In addition to lodging and workplace access systems, it willbe appreciated that similar embodiments of the access system to bedescribed also encompass systems for controlling access to otherstructures or openings/doors thereof. In the illustrated embodiment,according to FIG. 1A, the described system comprises an access system 20for allowing a hotel guest to access their assigned hotel room 40 usinga wireless device 24, which in the preferred form, is the user'sBluetooth® capable cell phone 22 or other wireless appliance 28. Assuch, it will be understood that many of the descriptions herein withrespect to a hotel environment and the like are meant for illustrativepurposes and that the concepts herein are generally applicable to ageneral safety and security access system and are not limited to only ahotel room access system.

Examples of other structures for which the novel access system may beadapted include other rooms within a hotel (i.e. workout rooms, pools,VIP lounges), office buildings, school/university buildings, warehouses,and portions thereof, event ticket gates/turnstiles, airplanes, airportsecurity points, movie theatres, safety deposit boxes, mailboxes,lockers, or other enclosures for which providing selective user accessis desired. Other applications that may not necessarily be structures,but shall be referred to generally herein as a “structure” in thisapplication can include any restricted area, such as for example,parking lots and garages, public transit access gates, public buses,railroad terminals, subway terminals, other transportation gates andcheckpoints. The terms “structure” and “restricted area” will beunderstood by one skilled in the art to be used interchangeably herein.

Additionally, as explained later, access system 20 may also provide theuser with various features including, but not limited to, automatedcheck-in/check-out via an electronic kiosk or their wireless device,access to restricted members-only areas or lounges, and the like. Otherfeatures of access system 20 include the ability to request variousreports on activity relating to the entry of various structures.Illustratively, some embodiments of the access system 20 allow thesystem to provide an activity log that reports the access requestsduring a specified period of time or for a specified user.

As shown in FIG. 1A, according to the illustrative embodiment, theaccess system 20 interfaces with one or more wireless devices 24, suchas cell phone 22 or wireless appliance 28, to allow a user to accesstheir assigned hotel room. Cell phone 22 is preferably a mobile phoneused for mobile voice or data communication over a network of celltowers. In addition to the standard voice function of a mobile phone,cell phone 22 preferably supports many additional services, andaccessories, such as SMS for text messaging, email, packet switching foraccess to the Internet, Bluetooth, infrared, and GPS.

Illustratively, in some embodiments, the access system 20 is operablycoupled to data network 12. Data network 12 is preferably the Internet,which is a TCP/IP based global network; however, the user of the term“Internet” herein shall be understood to refer to at least a portion ofany public interconnected electronic network which interchanges data bypacket-switching.

More specifically, access system 20 may utilize cellular phone network11 and data network 12 to interface with a wireless device 24, such ascell phone 22. Cellular phone network 11 may comprise a variety ofcommunication networks, including without limitation the universalmobile telecommunications system (UMTS), global system for mobilecommunication (GSM), and a code division of multiple access (CDMA)network, or similar technology. Cellular phone network 11 utilizes celltower 26 to establish a wireless bi-directional transmission linkbetween data network 12 and cell phone 22, which may comprise a wirelessdata link, such as the Evolution-Data Optimized (EVDO), Enhanced Datarates for GSM Evolution (EDGE), 3G, 4G, LTE, WiMax, or other wirelessdata connection. Similarly, other wireless appliances 28, such as Palm,Samsung, and Motorola smartphones or other portable wireless appliancessuch an the iPod Touch or Microsoft Zune may be configured to connect toaccess system 20 through access node 50 to allow a user to access theirhotel room.

Alternatively, or additionally, access system 20 utilizes at least oneaccess node 50 to interface with wireless device 24. Access node 50 is awireless node implementing a short-range wireless standard, such asBluetooth®, which once paired with, may provide access to the Internetand data network 12 to wireless device 24 via internal network 54, inaddition to server 60. Additionally, in a further form, access node 50preferably broadcasts a wireless signal, implementing a wireless localarea network, such as 802.11 a/b/g/n or the like thereby providingInternet connectivity via a traditional wireless network to hotelguests. According to the illustrative embodiment, access node 50broadcasts information which is linked to the location of the userdevice over one or both of its short-range wireless signals to wirelessdevice 24.

In the illustrative form, access system 20 includes a plurality ofaccess nodes, such as access node 50, where each node is strategicallypositioned near a specified structure (i.e. a hotel room). The accessnodes are preferably always in a discoverable mode so that wirelessdevices 24 may be paired with them on demand in the event the wirelessdevice 24 is authorized, such as by having an authorized MAC address. Ina further form, the access nodes are not in a discoverable mode and thepairing of the access nodes with wireless device 24 occurs prior to theuser's arrival programmatically. Illustratively, in some embodiments,access node 50 is operatively connected to server 60 to process andauthenticate electronic unlock requests from wireless devices 24.Firewall 52 includes at least a hardware or software implementedfirewall or other selected security features to prevent external accessto server 60 or access node 50.

The location information maintained by access node 50 is linked to thepresent/assigned location of the node and is used in processing anyunlock request. For example, an access node on the fourth floor of ahotel in downtown Chicago may be assigned a unique hotel identifiercoupled with a hotel zone identifier. Alternatively, the node may beassigned a single identifier which is then linked to its location by thewireless device 24 or server 60.

Access system 20 additionally comprises a mechanical lock 34 for lockingand unlocking a structure 40 (partially shown). In the illustratedembodiment, a user gains access to the structure 40 via door 32. In theillustrative embodiment, mechanical lock 34 is a mechanical door lock,which includes a locking mechanism similar to a common entry or exteriorlock, but is further capable of self-unlocking in response to anelectronic signal. In a further form, the lock 34 includes electronicsor circuitry to enable it to periodically receive unlock keys and verifythe unlock requests against them when appropriate. In alternate formsthe lock 34 may include an existing or traditional lock for securing adoor combined with a separate but connected device for performing thesefunctions, such as to enable retrofitting or combination with separatelocking devices.

For purposes of non-limiting example, mechanical lock 34 may include acam lock, rotary latch, electro-mechanical lock, magnetic lock, or thelike. According to one preferred form, lock 34 unlocks in response to anelectrical signal sent from an access node 50. In an alternate form, thelock 34 unlocks in response to an electronic signal sent from a wirelessdevice 24. In one form, the electrical signal is sent wirelessly, suchas over a low-power RF connection, such as a Zigbee® or Bluetooth®connection (including Bluetooth® LE). In a further preferred form, thelock 34 returns to a locked state following the passage of apredetermined time period or a user opening and closing the doorfollowing the receipt of an unlock signal. In some additional forms,lock 34 or door 32 may also include a mechanical key slot, key card, orother entry permitting authentication means 36 in addition to, or asbackup for, that described herein with respect to lock 34. In addition,it shall be appreciated that system 20 may be applied to accessrestrictions other than locks including, for example, an elevatorcontrol system providing limited access, a garage door, or others accessbarriers, as described later.

In a further embodiment, the lock 34 can be associated with an accessgate or turnstile, where the access gate or turnstile may act in asimilar capacity as a door 32, and be used to control access into anyrestricted area, such as for example, an event venue or publictransportation terminal (i.e. subway terminal, bus station, trainterminal, or airport gate). Upon receiving the unlock keys and verifyingthe unlock requests against them then—as appropriate—allows the useraccess through the turnstile, gate, or other access control mechanism.In this embodiment the unlock keys could be an event ticket, airlineticket, or public transit pass.

According to an exemplary embodiment illustrated by FIG. 1A, server 60operates to receive unlock requests from access node 50 over internalnetwork 54. In one form, the server 60 serves to authenticate therequest or a portion thereof using a reservations and occupancydatabase, while in other forms, the access node 50 may perform at leasta portion of the authentication. In the illustrative embodiment, server60 processes each request corresponding to an unlock request received byaccess node 50 from wireless device 24, and upon proper authentication,confirms the granting of the request to access node 50 which thentransmits an electronic signal to the corresponding lock, such as lock34, permitting access to the structure 40. While server 60 is describedand illustrated as being a server, it should be understood that server60 may be any computer, including a client server arrangement. Server 60may interface with access node 50 by either a wireless or hardwiredinterconnection. Preferably, the connection is a secured connection. Anon-limiting example list of potential interfaces includes IR, optical,RF, serial port, IP network, and USB. Additionally, the functions ofserver 60 and access node 50 may be integrated into one computer system.Further, some or all of the functions of server 60 may be implemented bya remote server or other cloud based configuration.

In one form, access node 50 is fixed at a single position, but in analternate form, access node 50 may be moveable, such as located withinan elevator, and include a floor detector, so that the node maybroadcast information linked to the appropriate floor upon which it iscurrently located. In a further form, an access node 50 is fixed withinan elevator and connected to the elevator control system to allow thewireless device to communicate floor authorization information to accessnode 50. As such, the wireless device 24 may broadcast a floor to whichthe user is authorized to access so that the user may select that floor.In a further form, the elevator may be automatically commanded to takethe user to that floor by access node 50 or server 60. As such, the useris enabled to access the floor or may experience a touchless trip to theproper floor.

In still other embodiments, lock 34 is operably coupled to an overrideswitch (not shown) having an access disable state. Asserting theoverride switch prevents the access system 20 from permitting access tocorresponding structure 40. As one non-limiting example, the overrideswitch may be asserted when a guest engages a deadbolt or bar latchwithin their hotel room. In some embodiments of the access system 20,the override switch is incorporated into an electronic control, notshown here, accessible to the user within structure 40.

A flowchart illustrating one set of steps performed in configuring awireless device 24 for use in accessing a structure 40 according to oneembodiment of the present invention is shown. The process involves awireless device 24 and the various other components of access system 20.The following description is with continuing reference to access system20 of FIG. 1A. As shown in FIG. 1A, the wireless device is cell phone22; however, it is understood that other networked appliances are alsointended. It shall be appreciated that while the process is describedwith respect to the reservation and check-in process common for a hoteland hotel room the novel access system could be adapted for applicationin various settings to provide for the same desired result. As such, theconfirmation and check-in process may be replaced with an employeeauthorization process or the like depending upon the nature of thestructure being utilized.

In another embodiment illustrated by FIG. 1B, the door 32 shown in FIG.1A may be replaced by an access governor 32 b, such as a security guard,mechanized gate, authorized airline personnel, turnstile, or otherauthorized personnel. Upon receiving the unlock keys and verifying theunlock requests, the access node 50 b may provide an electronic signalto an indicator 70 b that may notify the access governor 32 b when it isappropriate to allow the user access to the restricted area 40 b. Asshown in FIG. 1B, the indicator 70 b may be any form of indication ofgranting or denying access, including but not limited to, an electricalsignal, an audio or visual notification with a light or a buzzer, or acombination of both. Additionally, the indicator 70 b may also becapable of providing additional data or another electronic signal toanother wireless device, which may be associated with any accessgovernor 32 b. The access node 50 b gives either (i) an affirmativenotification associated with an unlock key, whereupon the accessgovernor 32 b permits user access into the structure or restricted area;or (ii) a denial notification whereupon the access governor 32 b isinstructed to prevent the user from accessing the restricted area 40 b.Similarly, the access node 50 b may transmit an authentication signal ordata to another wireless device in proximity to or otherwise associatedwith the access governor 32 b and may provide the access governor 32 bwith other data that may be associated with the user's uniqueidentifier.

According to another embodiment illustrated by FIG. 1B, server 60 boperates to receive unlock requests from access node 50 b over internalnetwork 54 b. In one form, the server 60 b serves to authenticate therequest or a portion thereof using a database, while in other forms, theaccess node 50 b may perform at least a portion of the authentication.As shown in FIG. 1B, server 60 b processes each request corresponding toan unlock request received by access node 50 b from wireless device 24b, and upon proper authentication, confirms the granting of the requestto access node 50 b which then transmits an electronic signal to theindicator 70 b which then notifies the access governor 32 b to permit ornot to permit access to the restricted area 40 b. While server 60 b isdescribed and illustrated as being a server, it should be understoodthat server 60 b may be any computer, including a client serverarrangement. Server 60 b may interface with access node 50 b by either awireless or hardwired interconnection. Preferably, the connection is asecured connection. A non-limiting example list of potential interfacesincludes IR, optical, RF, serial port, IP network, and USB.Additionally, the functions of server 60 b and access node 50 b may beintegrated into one computer system. Further, some or all of thefunctions of server 60 b may be implemented by a remote server or othercloud based configuration.

An optional feature of the embodiment shown in FIG. 1B is the additionof a secondary authenticator. In this option, the secondaryauthenticator is any suitable device or system that augments the primaryaccess governor to confirm the electronic signal from the access node isappropriately associated with the distinct user. For example, thesecondary authenticator may be a motion sensor that, in one example,determines whether the user has passed through the access governor. Thesecondary authenticator is in electronic communication with the accessnode. In an additional optional embodiment, the access governor may bein the form of a vestibule having a first gate that allows access intoan intermediate check point and a second gate that allows access intothe restricted area, wherein the user may be allowed entry past thefirst gate into an intermediate check point at which point the gatecloses behind them to ensure a controlled number of users entry into theintermediate check point, such as a single user at a time. Uponreceiving an access request and authorization, the second gate opensallowing the controlled number of users access into the restricted area.This embodiment provides additional assurance that only users withproper credentials are allowed access into the restricted area.

Similar to the exemplary embodiment show in FIG. 1B, a gate can beunderstood to be a virtual gate that does not physically impede a user;rather, a gate may also encompass a defined area and has at least onemotion sensor. In this exemplary embodiment, a motion sensor may sensethe presence of a user and may track their location in a restricted orunrestricted area. Additional motion sensors may be used to track themovements of a user within a restricted or unrestricted area which mayprovide an additional security function. Upon verifying the unlockkey(s), an access node may provide an electronic signal to an indicatorthat notifies an access governor when it is appropriate to allow theuser access to the restricted area. Additionally, a motion sensor can beused to trigger the requirement of a digital impression of the user asthey access a restricted area before exiting the gate, such as abiometric scan or photograph. If motion is detected and a digitalimpression was not recorded an indicator may notify the access governor.This embodiment could be implemented in a number of uses for airlinegate access, approval, and entry to and through the jet bridge.Similarly, this embodiment could be used in many service drive-throughlanes to sense a user in a car and trigger a charge to their electronicwallet upon sensing the user at a pick-up window. Another application ofa motion sensor, is its ability to sense a user approaching a monitor inan airport and then to highlight the user's flight in a predeterminedcolor on the monitor. This may provide the user the ability to quicklyidentify the gate for their flight without undue searching and timedelay.

In another aspect, the access nodes may be capable of detecting multipleusers in the access gate and identifying each of the users. Multipleaccess nodes can be used to determine if the users are entering orexiting a predetermined area. This aspect of the invention could be usedfor, but not limited to, use in conference room/conference attendancemonitoring, crossing a secured border, commercial security for naturaldisasters or emergencies, and the ability to split checks betweendifferent users and the same table.

Additionally, as shown in FIG. 1C, a pressure sensitive mat or pad 80 ccan be placed in proximity to an access gate 32 c. The pressuresensitive mat 80 c can be communicatively connected through an accessnode 50 c to the internal network 54 c and server 60 c that is inconnection with the access node 50 c and access governor 32 c. Thepressure sensitive mat 80 c can have sufficient sensitivity todistinguish individuals within a plurality of people standing on thepressure sensitive mat 80 c. Accordingly, the pressure sensitive mat 80c in communication with an access node 50 c can distinguish between anauthorized user and an unauthorized user or nonuser. Furthermore, tohelp ensure the distinction between authorized and unauthorized users,the pressure sensitive mat 80 c can be communicatively connected to amotion sensor. The ability to distinguish between an authorized user andan unauthorized user can be advantageous in situations where an accessgovernor 32 c does not require the isolation of a single user toauthenticate their unlock request credentials before granting accessinto a restricted area 40 c. More specifically, this can be applicablein venues that have a large access area that is being monitored bysecurity personnel scanning tickets. Both authorized and unauthorizedusers can be present on the pressure sensitive mat 80 c and approach theaccess governor 32 c simultaneously. The access node 50 c in conjunctionwith the pressure sensitive mat 80 c can sense the presence of anauthorized user versus an unauthorized user and alert an access governor32 c of an unauthorized user attempting to access the restricted area.

Furthermore, a secondary identifier can be used to further authenticatethe authorized user. The secondary identifier can be a biometric sensoror other unique user identifier, such as a PIN. The pressure sensitivemat 80 c can also be communicatively coupled to a camera that willtrigger a photo or video to be taken when an unauthorized user isattempting to access the restricted area. This pressure sensitive mat 80c can effectively help prevent “piggy-backing” into a restricted area,thus preventing unauthorized users from entering restricted areas withthe help, knowingly or unknowingly, of authorized users. Multiple accessnodes can be used and communicatively coupled to the pressure sensitivemat 80 c to accurately pinpoint and distinguish a user from anunauthorized user.

Additionally, the pressure sensitive mat 80 c can be used inpoint-of-sale (“POS”) and secure processing applications. A pressuresensitive mat 80 c can sense a user who is in a queue to pay for anitem. In one example, a user could pre-order an item and while waitingin line for preparation or packaging, the pressure sensitive mat 80 ccan track as the user moves in the queue/line. Upon reaching apre-determined location/checkpoint, such as the register or counter, anaccess node 50 c can trigger an authorization request to initiatepayment from the user's virtual wallet for the item. In anotherembodiment, instead of initiating a payment from a virtual wallet, theaccess node 50 c can trigger a payment demand to a POS system, such as acredit or debit reader, or similar system that requires a user to swipetheir card or pay using any other suitable means.

Another example can include an access node 50 c detecting when a userenters the store to trigger preparation of the items or the user'sorder. A user's movement can be tracked as the user moves along thepressure sensitive mat 80 c in connection with the access node 50 c.Upon reaching a pre-determined point on the pressure sensitive mat 80 can employee of the store can deliver the user's order and the accessnode 50 c can trigger a debit from the user's virtual wallet. A merchantcan then deliver a user's order upon successful payment by the user.

For additional security during payment, a secondary identifier can beused such as a biometric sensor or signature block to acknowledge thatthe proper user's virtual wallet is being debited. If a user does nothave a virtual wallet, the access node will indicate the user'sinformation and order or request to the vendor, requiring the user topay through a traditional POS system.

As shown in FIG. 2, the process begins at start point 200 with the novelservice receiving confirmation of the booking of a hotel stay for a user(stage 202). The confirmation information preferably identifies thehotel and the user and includes a check-in/check-out date along withdetails of the type of room requested/reserved. In the preferred form,this confirmation information is received by server 60 as a result of ahotel booking being made for a user either online, in person, or overthe phone.

Subsequent to receiving the confirmation information, a confirmationmessage is sent to the wireless device 24 of the user (stage 204).Preferably, a phone number or e-mail address corresponding to the user'swireless device is submitted along with the booking information. Theconfirmation message may be in the form of an e-mail, SMS, text message,push notification or the like, sent over data network 12. Theconfirmation message includes a hotel identifier, user identifier, andan access string. In the illustrated embodiment, the confirmationmessage is handled by an installable application on the user's wirelessdevice 24 which is available for install to the user, such as via thehotel website, a third-party website, other application source, ordownload source indicated in the confirmation message. Preferably, theapplication is suitable for operation on various mobile operatingsystems including Microsoft Mobile, Symbian OS Palm OS, webOS, MobileLinux, Apple OSX (iPhone® and iPad®), Android and MXI. In other forms,the application used by wireless device 24 may be browser-based and/orembedded software, to name a few non-limiting examples.

As a result of receiving the hotel identifier, the application will beable to retrieve access codes to enable wireless device 24 toautomatically pair with access nodes at the appropriate hotel uponarrival. Preferably, those access codes will only be available the dayof scheduled arrival or slightly before to prevent unauthorized accessduring the designated start and ends times of the stay, which are set bythe system. In a further form, the pairing may be establishedautomatically prior to the user and device 24 arriving at the hotel. Inorder to allow the user to access their room, a specific room must beassigned to the user. Traditionally, this has occurred either the day ofcheck-in or during the check-in process. However, in the illustrativeform, the user is assigned a specific room automatically prior to orupon arriving at the hotel. In one form, this occurs as a result of thewireless device 24 associated with the user transmitting a check-inrequest to wireless node 50 which is then sent to server 60 (stage 206).The check-in request is preferably triggered by the user's wirelessdevice 24 connecting to an access node 50 within the hotel indicated bythe hotel identifier of the confirmation message during the timeframeindicated by the check-in/checkout dates. Alternatively, the check-inrequest may be transmitted via an electronic kiosk in the hotel lobby,via the user device 24 over data network 12, or an actual in-personcheck-in entered by a hotel representative. It is preferred that thecheck-in request be sent over network 54 to server 60. In an alternateform, the check-in request may be sent over the Internet to server 60without the user being present at the hotel.

Upon receiving a check-in request, access node 50 communicates withserver 60 to confirm the dates and access string provided by thewireless device 24 and assign a room matching the reservation of theuser (stage 208). In the preferred form, this is accomplished by server60 which interfaces with the hotel's management system to store theappropriate access credential in an electronic database accessible toserver 60. In addition, the server 60 associates a key code matching theuser's confirmation message with the assigned room. In an alternateform, step 208 may be omitted and the access system 20 may simplyautomatically assign a room to the user, as described above with respectto step 208, on the day of check-in absent an indication of the user'spresence at the hotel or the like.

The details of the assigned room, including its number and location, arethen sent in a return message to the user's wireless device 24 by server60 via access node 50 (stage 210). This enables the user to send anelectronic request for access to the hotel room to access node 50 usingwireless device 24. In one form, the MAC address of the wireless device24 or data based thereon is transmitted along with the request foraccess, and this MAC address is similarly stored in the electronicdatabase in association with the assigned room. The process ends at endpoint 212. It shall be appreciated that this process may be modified toaccommodate more than one authorized hotel guest per room, such ashaving two wireless devices authorized to enter the same hotel room, orallowing a current guest to authorize the wireless device of another toaccess the hotel room for any portion of their remaining stay.

In continuing the description of the embodiment described with respectto FIG. 2, a flowchart illustrating one set of steps performed inallowing a user to access structure 40 using wireless device 24 and thevarious other components of access system 20 is shown. The followingdescription is with continuing reference to access system 20 of FIG. 1Aand the description accompanying FIG. 2.

As shown in FIG. 3, the process begins at start point 300 with thewireless device 24 receiving location information linked to the currentlocation of the user and wireless device 24 from access node 50 (stage302). In one form, this location information is received or determinedby wireless device 24 from access node 50 which is located near theuser's assigned room (represented by structure 40). In the preferredform, access node 50 broadcasts a hotel identifier and a zone or areaidentifier which correspond to zones, such as floor, wings, or portionsthereof in a hotel. In an alternate form, a unique identifier is sentalong with a received unlock request by access node 50 which is thenused as a lookup in a location table by wireless device 24 or by server60. As a result, an added layer of security is provided by server 60being configured to only authorize requests from access node 50 (whichis an access node within range of the door requested to be unlocked) andsubsequently authenticating those unlock requests received to confirmthat the requesting wireless device 24 is authorized.

Depending upon the application, structure 40 may be within the broadcastrange of access node 50, or the node 50 may be only located nearby, suchas near the main elevator, stairway, hallway, or other essentialentranceway. Once the wireless device 24 is within range of and isconnected to access node 50, the wireless device 24 transmits an unlockrequest, which is received by access node 50 and passed on to server 60(stage 304). Additionally, the access nodes 50 may be configured torequire a predetermined signal strength prior to permitting an unlockrequest to be issued, to ensure that the user is in close proximity tothe door which access is requested for. In the illustrated embodiment,this request is sent through internal network 54, but it shall beappreciated that the message may also be sent through another wirelessnetwork, such as 802.11 or another similar technology. The unlockrequest may include any of the following: hotel ID, room number,location information, user name, reservation number, check-in/check-outdates. In addition, other information may be included in the request.

In a still further form, the node 50 approximates the distance betweenitself and wireless device 24 using a signal strength determination. Azone may then be set (including a distance minimum or min/max range)which defines the distance the user along with wireless device 24 wouldbe from the node 50 when in an acceptable vicinity of their assignedstructure 40. If this determined distance does not match that set by theoperator, then any unlock request send will not be authorized.

Once an unlock request is received by server 60, server 60 authenticatesthe MAC address of the wireless device as well as the validity of thecurrent reservation and confirms the request with access node 50. Uponreceiving this confirmation, access node 50 transmits an unlock commandto the appropriate lock 34 using the Zigbee® or Bluetooth® LE connection(step 306). Upon receiving the unlock request, the lock then unlocks thestructure and enables the user operating wireless device 24 to enter.The process ends at end point 308.

Turning to FIG. 4, a user node suitable for use in a further embodimentof the present invention is illustrated. User token 150 is devicesuitable for being queried by a wireless device 24. Token 150 isoptionally provided to the user by the hotel or structure duringauthorization. Token 150 may include a coded unique identifier or someother verifiable data. Prior to sending any request, such as an unlockrequest, wireless device 24 may optionally be programmed to query forthe presence of token 150 within its presence. In the event that a token150 having the verifiable data is not found, then the request may beblocked. However, in the event the token 150 is within the proximity ofwireless device 24 the request may be transmitted. As such, the user maybe required to carry token 150 to ensure that wireless device 24 onlyfunctions with access system 20 when in the presence of the authorizeduser. According to this embodiment, token 150 is a passive Bluetoothnode, but may be any other short-range wireless device, such as RFID orthe like. Preferably, token 150 does not require its own power source.

In again continuing the description of the embodiment described withrespect to FIG. 2, a flowchart illustrating one set of steps performedin an alternative process for allowing a user to access structure 40using wireless device 24 and the various other components of accesssystem 20 is shown in FIG. 5. The following description is withcontinuing reference to access system 20 of FIG. 1A and the descriptionaccompanying FIG. 2.

Referring to FIG. 5, the process begins at start point 500 with thewireless device 24 connecting to an access node 50 (stage 502). As thewireless device 24 travels throughout a covered area, such as a hotel'sgrounds and/or interior spaces, it typically comes into contact with oneor more access nodes 50. In the event that the access node 50 currentlywithin range of the wireless device 24 is located near the user'sassigned room (represented by structure 40) (or alternatively whenaccess node 50 is programmatically authorized to permit access to theuser's assigned room) access node 50 and wireless device 24 establish aconnection and transmit information there between to confirm thatwireless device 24 is authorized to access structure 40 (stage 504). Itshall be appreciated that wireless device 24 and other access node(s) 50may similarly establish a connection, such as for other purposes;however, the remainder of the process below would not be completed. Forexample, wireless device 24 may automatically connects with a network orwireless nodes 50 for purposes of providing Wi-Fi access within a hotelor other area surrounding the structure 40.

In this embodiment, the information transmitted between the wirelessdevice 24 and the access node 50 in stage 502 is a unique identifier,such as a MAC address, or unique reservation ID which may have beenpreviously provided to the wireless device 24 by server 60. It shall beappreciated that, in the described hotel context, neither the uniqueidentifier utilized herein nor the unique reservation ID describedherein has to be the exact reservation number or confirmation numberused by the hotel, but only that the identifier selected identifies areservation, either directly or indirectly. In one form, this uniquereservation ID is provided to the wireless device 24 at or beforecheck-in. It shall be appreciated that in other applications outside ofa hotel, the wireless device 24 may provide merely a unique ID, such asa unique key, which identifies the device and/or user given that not allapplicable scenarios operate for time limited locations in the way thathotel reservations do. For example in the scenario where the describedsystem is implemented for a secured office, employees and otherauthorized persons could perpetually utilize unique IDs with no timelimitation so long as they remain valid. Further, in the event thedescribed system were used for attending a concert or boarding anairplane, a similar unique ID which may be associated with a concertdate/time or boarding date/time, as the case may be, might be utilized.

In a further form, the unique reservation ID may provide to the accessnode 50 in stage 502 any of the following: unique key ID, hotel ID, roomnumber, location information, user name, password, reservation number,check-in/check-out dates, or some combination thereof. Alternatively,this information may be derived from any information, such as a uniqueID and/or encryption key, stored within wireless device 24 for purposesof uniquely identifying itself to access node 50.

Once the initial transmission occurs, access node 50 utilizes at least aportion of the information (or information derived therefrom) to confirmthat wireless device 24 is authorized to access structure 40. Asdescribed above, in one embodiment, this request is sent throughinternal network 54 to server 60, but it shall be appreciated that theauthorization request may also be sent through another wireless network,such as 802.11 or another similar technology.

According to this embodiment, once the authentication request isreceived by server 60, server 60 authenticates the reservation ID of thewireless device, including the validity of the current reservation andconfirms the request with access node 50 (stage 506). Upon receivingthis confirmation, access node 50 transmits a secure unlock key to thewireless device 24 which wireless device 24 may utilize to accessstructure 40 (stage 508). At or about the same time, the access node 50transmits a matching or associated secure authorization key to the lock34 of structure 40. In one form, the secure authorization key istransmitted wirelessly, such as by using an RF connection, to lock 34.

In a further form, both the secure unlock key and the secureauthorization key provided by access node 50 are time limited in thatthey remain valid for only a short period of time, such as a day, anhour, thirty minutes, 15 minutes, 5 minutes, one minute, 30 seconds, 15seconds, 10 seconds, or the like. Further, in this form, the access node50 periodically transmits new secure unlock keys to wireless device 24and also periodically transmits new secure authorization keys to lock 34to replace the expiring keys (stages 508 repeats). In one form, thisperiodic transmission closely corresponds with the validity periodassociated with each.

Once a wireless device 24 receives a secure unlock key from access node50, the wireless device may submit an unlock request to the lock 34(stage 510). In one form, the unlock request is submitting directly fromthe wireless device 24 to the lock 34. Such an unlock request may beinitiated by the user selecting an option on the wireless interface ofwireless device 24. In another form, this may be initiated by the lock34, such as when the lock 34 senses that a user is within range or whenthe lock 34 senses a capacitive touch, such as to the door handle. Theunlock request may include the transmission of the most recent and theonly valid secure unlock key or secure authorization key, or informationcreated as a function of it, between wireless device 24 to lock 34. Inone form, wireless device 24 transmits its secure unlock key to lock 34which utilizes the received secure unlock key or information based on itand its own secure authorization key in order to determine whether theunlock request is authentic. In the event the unlock request isapproved, the lock 34 unlocks the structure and enables the useroperating wireless device 24 to enter (stage 512). The process ends atend point 514.

In another form, access system 20 additionally comprises a parkingaccess device (not shown) such as a garage door or parking gate coupledto lock control unit 42 selectively permitting access to a parking lotor structure (not shown). In this illustrated embodiment, a user is ableto gain access to the parking area via the garage door or parking gate.According to the preferred form, the parking access device permits auser's vehicle access to the parking area in response to an electricalsignal sent from a control device. In one form, the electrical signal issent wirelessly.

In further systems, a proximity node, similar to node 50, may beincluded in other areas so as to permit a user to access structures,such as a hotel parking garage, based upon the confirmation informationsent to their wireless device or other information as described herein.As such, the user's parking duration could be easily calculated andcharged to their hotel bill.

In still further systems, a notification process may be executed byserver 60 such that upon detecting a current hotel guest has left thehotel, a request for hospitality and cleaning services may be generated.In one form, the server 60 may detect a hotel guest leaving as a messagesent from the user's wireless device upon passing by a access nodelocated near the user's assigned room and another access node at one ofthe various exits to the hotel. Alternatively, the user opening the exitof the parking garage using their wireless device may trigger such anotification.

In yet another system, the wireless device may transmit information toserver 60 upon passing an access node which indicates the user'sentrance into the hotel or the area of their assigned hotel room. Thisinformation may trigger the in-room temperature to be raised to auser-specified or standard level or it may trigger the lights to beturned on, as described in U.S. patent application Ser. No. 10/126,486to Sunyich entitled “Personalized Smart Room”, which is herebyincorporated by reference to the extent not inconsistent. Similarly, thewireless device may transmit information to server 60 upon passing anaccess node 50 which indicates the user's access into or out of arestricted area. This information may trigger a fee or charge to anelectronic wallet, such as for example Google Wallet or Apple Pay, priorto sending the unlock request to an access node 50.

Referring to FIGS. 6A-B, an access node 650 can be comprised of at leastone antenna 601, such as a printed-circuit-board (PCB) patch antenna.The antenna can be housed in an enclosure that is configured to shapethe emitted radiation or short-range wireless radio signals emitted bythe antenna 601. The shaping of the emitted radiation or signals canhelp reduce the back lobe signal strength of the antenna whileminimizing the reduction of the bandwidth of the signal, which allowsfor greater signal coverage in front of the antenna. The wirelesscommunication signal used can be any suitable signal, including but notlimited to WiFi, Bluetooth, ZigBee, or NFC signals. The enclosure maycomprise a cover plate 603 and a backing plate 605, and optionallyfurther houses the antenna 601 that can be communicatively coupled to alight source 607. In one exemplary embodiment, the housing can furthercomprise a power source tray for housing a power source 611, such as abattery or a plurality of batteries. In one exemplary embodiment, thebacking plate 605 can act as the power source tray. Similarly, a powersource can be hard wired to the necessary components of the access nodeto ensure that power is consistently applied to the access node. Thebacking plate can have a lip 613 extending outward from the peripheraledge of the backing plate 605. The backing plate can be coupled to anaccess governor 615.

As shown in FIG. 7A-B, in one exemplary embodiment, the access systemand access node 750 a,b can be comprised of two enclosures on oppositesides of an access governor of a structure 715, such as a door. The twoaccess nodes 750 a,b can be oriented in a manner where thedirectionality of the antennas within each access node 750 a,b arefacing opposite of one another. Both backing plates 705 a,b of thehousings can have a lip 713 formed and configured in a way to shape theradiation or wireless radio signals emitted from the antenna, thuspreventing or minimizing the back lobe radiation from the antenna 701 inthe adjacent enclosure. In one exemplary embodiment the lip 713 a,b canbe formed around the peripheral edge of the backing plate 705 a,b. Thelip 713 a,b can extend a pre-determined distance perpendicularly outwardfrom the backing plate. Alternatively, the lip 713 a can extend in anysuitable angle outward from the peripheral edge of the backing plate,such as about 15° to about 165°, about 30° to about 150°, 45° to about135°, or about 60° to about 120°. In one exemplary embodiment, thebacking plate 705 a,b of the housing can have a lip 713 b formed only onthe top and bottom edge of the backing plate 705. In the aforementionedembodiment, each backing plate is positioned in a manner where the lip713 of each backing plate 705 a,b is extending away from the lip 713 ofthe other backing plate 705 a,b, in order to shape the signal andradiation away from the other backing plate 705 a,b and antenna 701.

The two housings can be communicatively coupled to one another and canshare a power source 711. In one exemplary embodiment where the twohousings are separated by a door 715, but can be coupled to each otherthrough the door using any suitable fastener, such as a screw or bolt.The backing plate 705 and cover plate 703 can be removeably coupled toeach other by any suitable means. Similarly, the backing plate 705 a,bcan have coupling points for the internal components within saidhousing, such as the antenna 701, light source 707, and power sourcetray. Both housings can have a light source that can be visible from theoutside of the housing.

The backing plates 705 a,b of the housings are configured to block orminimize any RF back lobe signal strength from leaking to the oppositeside of the door/structure 715. This can be aided by constructing thebacking plates 705 a,b of non-magnetic, RF blocking material. Thebacking plate can have the non-magnetic, RF blocking material instrategic locations, such as the back surface of the backing plate andthe shaped lip 713 a,b around the edge of the backing plate, to bettershape the emitted radiation pattern. The two backing plates 705 a,b canbe spaced a pre-determined distance apart from each other. In oneembodiment this distance apart can be the width of a door, or about 1″to about 2″ apart. The farther apart from each other the backing plates705 a,b are, the more likely access node 750 a,b is able to determine ifa user is on the inside or outside of a restricted area or which side ofa door the user is located.

One exemplary embodiment of the housings can be located on the exteriorsurface of a door, the RF blocking material can be made with anysuitable material, such as aluminum, and can be in the form of arectangular backing plate 705 a, such as about 2″ by about 3″, withabout a 0.59″ lip 713 a around it. In one embodiment, the antennas 701a,b can be printed onto circuit boards using FR-4 material at about0.059″ thickness. The backsides of the antennas can be copper and can beused as ground planes. The enclosure and antenna 701 b that face insideof the restricted area can utilize another rectangular aluminum backingplate 705 b with dimensions about 3.67″ by about 5″ and a lip 713 b thatis about 1″ in depth on the top and bottom only. The backing plates 705a,b, along with the separation of antennas 701 a,b by the width of thedoor 715, create a distinction between the desired signal and the backlobe of the undesired signal. The desired signal being the inside signalwhen a person is on the inside of the restricted area and the outsidesignal when a person is on the outside of the restricted area.

The antenna 701 a,b can interact with the backing plate 705 a,b of thehousing and can emit a RF radiation field in about 180° in relation tothe plane of the antenna 701 a,b. In alternative embodiments dependingupon the shape of the lip 713 a.b, the antenna can emit a RF radiationfield between about 15° to about 165°, about 30° to about 150°, 45° toabout 135°, 60° to about 120°, or about 90° with respect to the plane ofthe antenna 701.

The present invention reduces the back lobes signal strength of bothantennas 701 a,b, which improves the ability to differentiate a user'sposition relative to an access governor, such as a door 715. The presentinvention reduces the probability of false readings in the near fieldarea. This is necessary when a user is inside of a restricted area andthe signal strength of the antenna 701 a facing outside is stronger thanthe antenna 701 b facing inside. The backing plates 705 a,b shape theradiation pattern of the emitted radio waves, especially those from theantenna's 701 back lobes. The access node 750 or a plurality of accessnodes having the RF shaping properties can be used independently from orin conjunction with the above access governing system embodiments of thepresent disclosure.

While the invention has been illustrated and described in detail in thedrawings and foregoing description, the same is to be considered asillustrative and not restrictive in character, it being understood thatonly the preferred embodiment has been shown and described and that allequivalents, changes, and modifications that come within the spirit ofthe inventions as described herein and/or by the following claims aredesired to be protected.

Hence, the proper scope of the present invention should be determinedonly by the broadest interpretation of the appended claims so as toencompass all such modifications as well as all relationships equivalentto those illustrated in the drawings and described in the specification.

The invention claimed is:
 1. An access system allowing a user to accessa restricted area using a wireless user device, the access systemcomprising: a database storing access permissions identifying at leastone wireless user device authorized to access said restricted area andone access node authorized to permit access to said restricted area; anaccess governor including a locking device securing a restricted area,said locking device having a short-range wireless receiver suitable forreceiving unlock commands and responding by allowing a user access tosaid restricted area; an access node, separate from said locking device,positioned near said restricted area, comprising: an antenna configuredto emit a short-range wireless radio for connecting to the wireless userdevice; a power source communicatively coupled to said antenna; and atleast one enclosure comprising a backing plate have a peripheral edgeand a cover plate, wherein said enclosure houses said antenna and saidpower source, wherein said cover plate is configured to couple to saidbacking plate and enclose said antenna and power source; a serveroperable to receive an unlock request associated with a wireless userdevice and a structure from said access node and transmit an authorizedrequest to said access node upon authorizing said unlock request usingsaid database, wherein said unlock request is authorized only ifreceived from an access node authorized to permit access to saidrestricted area and originated from a wireless user device authorized toaccess said restricted area.
 2. The access system of claim 1, furthercomprising a pressure sensitive mat communicatively connected to theaccess node, wherein said pressure sensitive mat is configured to sensethe presence of the user on the pressure sensitive mat and determine ifthe user is an authorized user based on input from the access node andserver.
 3. The access system according to claim 1, wherein said antennaof said access node, comprises: a first short-range wireless radio usinga wireless networking standard for receiving a wireless access requestdirectly from a wireless user device; and a second short-range wirelessradio using a wireless networking standard to transmit an unlock commanddirectly to said locking device to permit access to said restricted areain response to receiving an authorized request.
 4. The access systemaccording to claim 1, wherein said wireless user device is a mobiletelephone.
 5. The access system according to claim 4, further comprisinga secondary authenticator.
 6. The access system according to claim 4,wherein said access node is configured to trigger a fee to an electronicwallet that is linked to user when said server requires a fee to enteror exit said restricted area.
 7. The access system according to claim 3,wherein said first short-range wireless radio uses first wirelessnetworking standard for receiving a wireless access request directlyfrom a wireless user device; and said second short-range wireless radiouses a second wireless networking standard which is different than saidfirst wireless networking standard.
 8. The access system of claim 2,wherein said access node further comprises an indicator communicativelycoupled to said antenna.
 9. The access system of claim 8 wherein saidindicator is configured to provide a notification to said accessgovernor, said indicator having a short-range wireless receiver suitablefor receiving access commands and responding by notifying said accessgovernor whether to allow a user access to said restricted area.
 10. Theaccess system according to claim 2, wherein said indicator has a shortrange wireless transmitter suitable for sending access notifications toanother wireless device indicating the accessibility of user to saidrestricted area.
 11. The access system according to claim 2, whereinsaid access node is configured to trigger a fee to an electronic walletthat is linked to user when said server requires a fee to enter or exitsaid restricted area.
 12. The access system according to claim 3,wherein said first short-range wireless radio uses first wirelessnetworking standard for receiving a wireless access request directlyfrom a wireless user device; and said second short-range wireless radiouses a second wireless networking standard which is different than saidfirst wireless networking standard.
 13. The access system according toclaim 1, wherein said access node and pressure sensitive mat areconfigured to track the location of the user, wherein said access nodeand pressure sensitive mat trigger a debit of an e-wallet associatedwith the user when the user reaches a pre-determined point on thepressure sensitive mat.